--no-self-upgrade still tries to upgrade

I want to run certbot-auto under common user (not root priviledges). The problem is, that running certbot-auto --no-self-upgrade or certbot-auto certonly --no-self-upgrade still requires su, or sudo command

/usr/bin/certbot-auto certonly --no-self-upgrade ....
"sudo" is not available, will use "su" for installation steps...
Bootstrapping dependencies for Debian-based OSes...
su: Authentication failure
apt-get update hit problems but continuing anyway...
^[[Asu: Authentication failure

Which according to docu (https://certbot.eff.org/docs/using.html) shouldnt. Am I right?
Is this a bug, or am I using it wrong? I am assuming that apt-get call is checking for upgrades…

Thanks for reply,

certbot-auto tries to verify all the necessary packages it needs to run are installed. To do that, it uses sudo (or su if sudo isn’t an option). You can try running the plain certbot command instead once you’re sure all the dependencies are installed.

Note that certbot-auto also tries to keep certbot updated with the releases, running plain certbot will also bypass this function, so you will need to keep an eye on the releases yourself.

Well, I did not find “certbot” binary, only “certbot-auto” (via https://certbot.eff.org/#debianwheezy-other)
and the --no-self upgrade flag seems to be ignored (it strill tries to get su)

I run it like this:

/usr/bin/certbot-auto certonly -n --webroot -w ... -d ... --csr ... --cert-path ... --fullchain-path ... --no-self-upgrade"

according to docu listed in the link above

If I run it without the flag “–no-self-upgrade” the proccess does the same.
Therefore I conclude, the flag is ignored.

Or am I mistaken, and obtaining root priviledges is neccessary anyway?


It’s been a while since I used certbot-auto (back in the letsencrypt-auto days). Looking at the latest version, it uses virtualenv to keep things clean. You can likely find things in ~/.local/share/letsencrypt.

The first thing you’ll want to do is find where python is. You can usually use “which python” to find the full path. Once you have that, you’ll run the following command:

virtualenv --no-site-packages --python “$LE_PYTHON” “~/.local/share/letsencrypt”

Replace $LE_PYTHON with the full path to the python program.

At least, that’s what I’ve determined without trying to do a whole VM and install the tool directly.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.